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QUESTION 1 

Scenario: For security reasons, the NSIP needs to be configured to only be accessible on interface 
0/1, which is VLAN 300. 

The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0. 
How would the network engineer achieve this configuration? 

A. set ns config -nsvlan 300 -ifnum 0/1 

B. set ns ip 10.110.4.254 -gui ENABLED -vrlD 300 

C. add vlan 300 

set ns ip 10.110.4.254 -mgmtAccess ENABLED 

D. set ns config -IPAddress 10.110.4.254 -netmask 255.255.255.0 

Answer: A 
QUESTION 2 

Why would an engineer want to specify a TCP Profile for a specific service group? 

A. To enable use of features like SSL over TCP for that specific service group. 

B. To adjust the TCP settings for traffic to and from that specific service group. 

C. To use a specific SNIP for traffic to the back-end servers in that service group. 

D. To enable features like use source IP, TCP keep alive and TCP buffering for a specific service group. 

Answer: B 
QUESTION 3 

A network engineer wants to optimize a published load balanced SSL virtual server for WAN 
connection with long delay, high bandwidth with minimal packet drops. 

What would the network engineer use to do this type of optimization for the SSL virtual server? 

A. SSL policy 

B. TCP profile 

C. Compression policy 

D. Priority queuing policy 

Answer: B 
QUESTION 4 

Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP 
is 10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time 
servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external 
firewall has the 10.2.7.1 address. Traffic bound for Internet clients should flow through the external 
firewall. 

Which command should be used to set the default route? 

A. add route 0.0.0.0 0.0.0.0 10.2.7.1 

B. add route 0.0.0.0 0.0.0.0 10.2.9.1 

C. add route 10.0.0.0 255.0.0.0 10.2.9.1 

D. add route 10.0.0.0 255.0.0.0 10.2.7.1 

Answer: A 
QUESTION 5 

Some SSL certificate files may be missing from a NetScaler appliance. 
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Which directory should an engineer check to determine which files are missing? 

A. /nsconfig/ssl 

B. /nsconfig/ssh 

C. flash/nsconfig/ 

D. /var/netscaler/ssl/ 

Answer: A 
QUESTION 6 

Scenario: An engineer has been hired to manage the content-switching configurations on the 
NetScaler. The user account for this engineer must have the standard rules that apply to the other 
administrators. 

What should the engineer do to allow for the extra privileges? 

A. Modify the current Command Policy and then save the changes. 

B. Unbind the current Command Policy of the user account and then save the changes. 

C. Remove the custom Command Policy and then create one with the new requirements. 

D. Create a custom Command Policy and bind it to the user account with the highest priority. 

Answer: D 
QUESTION 7 

A network engineer needs to configure smart card-based authentication on NetScaler Access 
Gateway. 

Which type of authentication policy could the engineer configure in order to accomplish this task? 

A. Local 

B. RADIUS 

C. Certificate 

D. Secure LDAP 

Answer: C 
QUESTION 8 

Scenario: The network engineer has created a monitor and bound it to a service group containing 
four web servers to verify that the web application responds. During routine maintenance one of 
the web servers is shut down; however, the server state remains UP and user requests are still 
attempting to communicate with the server. 
What could be causing this problem? 

A. The server has been disabled. 

B. The monitor is not bound at the correct bind point. 

C. Health monitoring is disabled for the service group. 

D. The NetScaler configuration has not been saved since before the monitor was bound. 
Answer: C 

QUESTION 9 

Scenario: An engineer is configuring services to allow load balancing of backend web servers on 
the internal network. The engineer bound multiple monitors to the first service, but notices that the 
service is reporting as DOWN. The monitor threshold default has NOT been changed. 
What could be causing this issue? 
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A. The service type is HTTP. 

B. One of the monitors' tests is failing. 

C. Some of the monitors have a higher weight. 

D. The monitors are both reporting an UP status. 

Answer: B 
QUESTION 10 

What should a network engineer configure to set high availability for a load balanced virtual server? 

A. Session persistence 

B. A backup virtual server 

C. Load balancing policies 

D. Load balancing services 

Answer: B 
QUESTION 11 

Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the 
process the engineer receives an error message: 

"Certificate with key size greater than RSA512 or DSA512 bits not 
supported . " 

The same process has been followed previously on the same model of NetScaler successfully. 
What is the likely cause of this error? 

A. The certificate hostname is invalid. 

B. RSA authentication has been added to the VIP. 

C. The NetScaler has not been licensed correctly. 

D. The CSR has not been submitted to the certificate authority. 

Answer: C 
QUESTION 12 

Scenario: A network engineer needs to generate a certificate on the NetScaler appliance. The 
environment requires a private key with 4096-bit encryption. 

To generate a new SSL certificate from a NetScaler Appliance, the engineer must first create 
. (Choose the correct option to complete the sentence.) 

A. CSR 

B. DSA key 

C. RSA key 

D. Diffie-Hellman key 

Answer: C 
QUESTION 13 

Scenario: An engineer has configured an SSL virtual server and has bound a service group of type 
HTTP containing several servers. The service group is UP but the virtual server is in a DOWN state. 
The engineer has verified that the SSL feature is enabled. 
What should the engineer do to ensure that the virtual server shows as UP? 

A. Add a monitor that checks for HTTP. 
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B. Change the service group to type SSL. 

C. Bind an SSL certificate to the virtual server. 

D. Configure the service group to use port 443. 

E. Change the monitor for a larger time out period. 

Answer: C 
QUESTION 14 

Users have reported that they are receiving a confusing error message related to SSL sessions 
when connecting from older browsers. 

How could the network engineer present this error to users in a customized format? 

A. Enable the SSL v2 protocol. 

B. Set a URL on the backup virtual server. 

C. Add a redirect URL to the virtual server. 

D. Configure SSL v2 Redirection for the virtual server. 

Answer: D 
QUESTION 15 

A network engineer must determine which SSL protocols are enabled on a virtual server named 
SSL01. 

Which command could the engineer run to see this information? 

A. Show ssl stats 

B. Show server SSL01 

C. Show vServerSSLOl 

D. Show ssl vServer SSL01 

Answer: D 
QUESTION 16 

The security department just conducted a penetration test on the published virtual servers and all 
of the SSL virtual servers returned the result "Allowed changing to weak certificate standard" in the 
report. 

The reason for this result could be that the network engineer who configured the virtual servers 
forgot to . (Choose the correct option to complete the sentence.) 

A. block TLSvl 

B. apply the SSL policy 

C. configure the HIGH Cipher group only 

D. configure the DEFAULT Cipher group only 

Answer: C 
QUESTION 17 

Which policy expression must an engineer use to enable compression for javascript files? 

A. HTTP.RES.BODY(0).CONTAINS("javascript") 

B. HTTP.REQ.BODY(0).CONTAINS("javascript") 

C. HTTP. RES. HEADER("Content-Type").CONTAINS("javascript") 

D. HTTP.REQ.HEADER("Content-Type").CONTAINS("javascript") 
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Answer: C 
QUESTION 18 

Which expression must an engineer use to prevent compression of Cascading Style Sheets? 

A. HTTP.RES.BODY(0).CONTAINS("text/css") 

B. HTTP.REQ.BODY(0).CONTAINS("text/css") 

C. HTTP. RES. HEADER("Content-Type").CONTAINS("text/css") 

D. HTTP.REQ.HEADER("Content-Type").CONTAINS("text/css") 

Answer: C 
QUESTION 19 

The purpose of pre-fetch in integrated caching is to automatically . (Choose the correct 

option to complete the sentence.) 

A. refresh a cached object before expiring 

B. fetch objects from the forwarding cache before expiring 

C. retrieve all objects on a published website after a policy is applied 

D. retrieve an object in the expression from a website after a policy is applied 

Answer: A 
QUESTION 20 

What is the purpose of the flash cache option in integrated caching? 

A. To completely wipe a cache group when the targeted selector is hit in the cache 

B. To use the flash memory for storage for a specific cache group to improve performance 

C. To queue simultaneous requests of an object and answer all with the same response from the server 

D. To answer the client request without checking if the object has expired, objects are checked periodically 
instead 

Answer: C 
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